mirror of
https://github.com/samply/bridgehead.git
synced 2026-04-17 20:50:15 +02:00
Compare commits
1 Commits
fix/altern
...
feat/nngm
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
3b383932a4 |
@@ -1,6 +1,6 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
if [ -n "${DS_DIRECTORY_USER_NAME}" ] || [ -n "${DS_DIRECTORY_USER_TOKEN}" ]; then
|
if [ -n "${DS_DIRECTORY_USER_NAME}" ]; then
|
||||||
log INFO "Directory sync setup detected -- will start directory sync service."
|
log INFO "Directory sync setup detected -- will start directory sync service."
|
||||||
OVERRIDE+=" -f ./$PROJECT/modules/directory-sync-compose.yml"
|
OVERRIDE+=" -f ./$PROJECT/modules/directory-sync-compose.yml"
|
||||||
fi
|
fi
|
||||||
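Review bot: The new guard `if [ -n "${DS_DIRECTORY_USER_NAME}" ]; then` tests only the user name, so a site that sets `DS_DIRECTORY_USER_TOKEN` alone no longer gets the directory sync service started, and nothing is logged about it. If token-only setups are meant to work, the test should remain `[ -n "${DS_DIRECTORY_USER_NAME}" ] || [ -n "${DS_DIRECTORY_USER_TOKEN}" ]`. If they are not, a `log WARN` for a token without a user name would make the misconfiguration visible instead of silently skipping the module.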
|
|||||||
@@ -11,7 +11,6 @@ services:
|
|||||||
BLAZE_URL: "http://blaze:8080/fhir/"
|
BLAZE_URL: "http://blaze:8080/fhir/"
|
||||||
BEAM_PROXY_URL: http://beam-proxy-eric:8081
|
BEAM_PROXY_URL: http://beam-proxy-eric:8081
|
||||||
RETRY_COUNT: ${FOCUS_RETRY_COUNT}
|
RETRY_COUNT: ${FOCUS_RETRY_COUNT}
|
||||||
OBFUSCATE_BBMRI_ERIC_WAY: "true"
|
|
||||||
depends_on:
|
depends_on:
|
||||||
- "beam-proxy-eric"
|
- "beam-proxy-eric"
|
||||||
- "blaze"
|
- "blaze"
|
||||||
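Review bot: With `OBFUSCATE_BBMRI_ERIC_WAY: "true"` gone from this environment block, result obfuscation depends on whatever the service defaults to, and that default is not shown on this page. The variable is presumably a privacy control on query results, so it is worth keeping it explicit, or recording the decision in a comment such as `# obfuscation intentionally left at the service default`. The service definition starts outside the hunk.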
|
|||||||
@@ -2,9 +2,7 @@ version: "3.7"
|
|||||||
services:
|
services:
|
||||||
lens:
|
lens:
|
||||||
container_name: lens_federated-search
|
container_name: lens_federated-search
|
||||||
image: samply/cce-explorer:main
|
image: ghcr.io/samply/cce-explorer:pr-1
|
||||||
environment:
|
|
||||||
PUBLIC_SPOT_URL: https://${HOST}/prod
|
|
||||||
labels:
|
labels:
|
||||||
- "traefik.http.services.lens.loadbalancer.server.port=3000"
|
- "traefik.http.services.lens.loadbalancer.server.port=3000"
|
||||||
- "traefik.enable=true"
|
- "traefik.enable=true"
|
||||||
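Review bot: `image: ghcr.io/samply/cce-explorer:pr-1` deploys a pull-request build under a tag that can be re-pushed, so what runs on a bridgehead cannot be reproduced from this file. The same applies further down the page to `ghcr.io/samply/focus:feature-nngm-v2`, the untagged `docker.verbis.dkfz.de/ccp-private/central-spot`, `bridgehead-forward-proxy:latest` and `BLAZE_TAG=main`. A release tag or a digest reference (`image: ghcr.io/samply/cce-explorer@sha256:<digest>`) would pin them. Removing the `environment:` block also drops `PUBLIC_SPOT_URL`, so the new image has to learn its backend URL some other way.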
|
|||||||
@@ -15,7 +15,7 @@ services:
|
|||||||
- "blaze-data:/app/data"
|
- "blaze-data:/app/data"
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=true"
|
- "traefik.enable=true"
|
||||||
- "traefik.http.routers.blaze_itcc.rule=Host(`${HOST}`) && PathPrefix(`/itcc-localdatamanagement`)"
|
- "traefik.http.routers.blaze_itcc.rule=PathPrefix(`/itcc-localdatamanagement`)"
|
||||||
- "traefik.http.middlewares.itcc_b_strip.stripprefix.prefixes=/itcc-localdatamanagement"
|
- "traefik.http.middlewares.itcc_b_strip.stripprefix.prefixes=/itcc-localdatamanagement"
|
||||||
- "traefik.http.services.blaze_itcc.loadbalancer.server.port=8080"
|
- "traefik.http.services.blaze_itcc.loadbalancer.server.port=8080"
|
||||||
- "traefik.http.routers.blaze_itcc.middlewares=itcc_b_strip,auth"
|
- "traefik.http.routers.blaze_itcc.middlewares=itcc_b_strip,auth"
|
||||||
@@ -34,6 +34,7 @@ services:
|
|||||||
EPSILON: 0.28
|
EPSILON: 0.28
|
||||||
QUERIES_TO_CACHE: '/queries_to_cache.conf'
|
QUERIES_TO_CACHE: '/queries_to_cache.conf'
|
||||||
ENDPOINT_TYPE: ${FOCUS_ENDPOINT_TYPE:-blaze}
|
ENDPOINT_TYPE: ${FOCUS_ENDPOINT_TYPE:-blaze}
|
||||||
|
CQL_PROJECTS_ENABLED: "itcc"
|
||||||
volumes:
|
volumes:
|
||||||
- /srv/docker/bridgehead/itcc/queries_to_cache.conf:/queries_to_cache.conf:ro
|
- /srv/docker/bridgehead/itcc/queries_to_cache.conf:/queries_to_cache.conf:ro
|
||||||
depends_on:
|
depends_on:
|
||||||
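Review bot: The router rule ``PathPrefix(`/itcc-localdatamanagement`)`` no longer carries the ``Host(`${HOST}`)`` matcher, so Traefik routes requests to Blaze for any Host header that reaches the entrypoint, including requests addressed by IP. The `auth` middleware is still attached on `traefik.http.routers.blaze_itcc.middlewares`, so this widens reachability rather than removing authentication, but ``Host(`${HOST}`) && PathPrefix(`/itcc-localdatamanagement`)`` is the tighter rule and should be kept unless there is a reason to drop it. If the host match is removed on purpose, a comment above the label saying why would help the next reader.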
|
|||||||
@@ -1,6 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
if [ -n "$ENABLE_OMICS" ];then
|
|
||||||
OVERRIDE+=" -f ./$PROJECT/modules/itcc-omics-ingest.yaml"
|
|
||||||
GENERATE_API_KEY="$(generate_simple_password 'omics')"
|
|
||||||
fi
|
|
||||||
@@ -1,14 +0,0 @@
|
|||||||
services:
|
|
||||||
omics-endpoint:
|
|
||||||
image: ghcr.io/samply/itcc-omics-ingest:main
|
|
||||||
environment:
|
|
||||||
- API_KEY=${GENERATE_API_KEY}
|
|
||||||
volumes:
|
|
||||||
- /var/cache/bridgehead/omics/data:/data/uploads
|
|
||||||
labels:
|
|
||||||
- "traefik.http.routers.omics.rule=Host(`${HOST}`) && PathPrefix(`/api/omics`)"
|
|
||||||
- "traefik.enable=true"
|
|
||||||
- "traefik.http.services.omics.loadbalancer.server.port=6080"
|
|
||||||
- "traefik.http.routers.omics.tls=true"
|
|
||||||
- "traefik.http.middlewares.omics-stripprefix.stripprefix.prefixes=/api"
|
|
||||||
- "traefik.http.routers.omics.middlewares=omics-stripprefix"
|
|
||||||
@@ -1,47 +1,33 @@
|
|||||||
version: "3.7"
|
version: "3.7"
|
||||||
services:
|
services:
|
||||||
itcc-explorer:
|
landing:
|
||||||
container_name: lens_itcc_explorer
|
container_name: lens_federated-search
|
||||||
image: samply/itcc-explorer:main
|
image: docker.verbis.dkfz.de/ccp/lens:${SITE_ID}
|
||||||
environment:
|
|
||||||
HOST: "0.0.0.0"
|
|
||||||
BIND_ADDR: "0.0.0.0:3000"
|
|
||||||
PUBLIC_ENVIRONMENT: ${PUBLIC_ENVIRONMENT}
|
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=true"
|
- "traefik.enable=true"
|
||||||
- "traefik.http.routers.itcc.rule=Host(`${HOST}`) && PathPrefix(`/`)"
|
- "traefik.http.routers.landing.rule=PathPrefix(`/`)"
|
||||||
- "traefik.http.routers.itcc.entrypoints=websecure"
|
- "traefik.http.services.landing.loadbalancer.server.port=80"
|
||||||
- "traefik.http.services.itcc.loadbalancer.server.port=3000"
|
- "traefik.http.routers.landing.tls=true"
|
||||||
- "traefik.http.routers.itcc.tls=true"
|
|
||||||
|
|
||||||
spot:
|
spot:
|
||||||
image: samply/rustyspot:latest
|
image: docker.verbis.dkfz.de/ccp-private/central-spot
|
||||||
environment:
|
environment:
|
||||||
BEAM_SECRET: "${FOCUS_BEAM_SECRET_SHORT}"
|
BEAM_SECRET: "${FOCUS_BEAM_SECRET_SHORT}"
|
||||||
BEAM_PROXY_URL: http://beam-proxy:8081
|
BEAM_URL: http://beam-proxy:8081
|
||||||
BEAM_PROXY_ID: ${SITE_ID}
|
BEAM_PROXY_ID: ${SITE_ID}
|
||||||
BEAM_BROKER_ID: ${BROKER_ID}
|
BEAM_BROKER_ID: ${BROKER_ID}
|
||||||
BEAM_APP_ID: "spot.${SITE_ID}.${BROKER_ID}"
|
BEAM_APP_ID: "focus"
|
||||||
CORS_ORIGIN: "https://${HOST}"
|
PROJECT_METADATA: "itcc"
|
||||||
SITES: ${SITES}
|
|
||||||
TRANSFORM: LENS
|
|
||||||
PROJECT: "itcc"
|
|
||||||
BIND_ADDR: 0.0.0.0:8055
|
|
||||||
depends_on:
|
depends_on:
|
||||||
- "beam-proxy"
|
- "beam-proxy"
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=true"
|
- "traefik.enable=true"
|
||||||
- "traefik.http.services.spot.loadbalancer.server.port=8055"
|
- "traefik.http.services.spot.loadbalancer.server.port=8080"
|
||||||
- "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowmethods=GET,OPTIONS,POST"
|
- "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowmethods=GET,OPTIONS,POST"
|
||||||
- "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowheaders=content-type"
|
|
||||||
- "traefik.http.middlewares.corsheaders2.headers.accesscontrolalloworiginlist=https://${HOST}"
|
- "traefik.http.middlewares.corsheaders2.headers.accesscontrolalloworiginlist=https://${HOST}"
|
||||||
- "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowcredentials=true"
|
- "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowcredentials=true"
|
||||||
- "traefik.http.middlewares.corsheaders2.headers.accesscontrolmaxage=-1"
|
- "traefik.http.middlewares.corsheaders2.headers.accesscontrolmaxage=-1"
|
||||||
- "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/prod`)"
|
- "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/backend`)"
|
||||||
- "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/prod"
|
- "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/backend"
|
||||||
- "traefik.http.routers.spot.tls=true"
|
- "traefik.http.routers.spot.tls=true"
|
||||||
- "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot,auth"
|
- "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot,auth"
|
||||||
|
|
||||||
beam-proxy:
|
|
||||||
environment:
|
|
||||||
APP_spot_KEY: ${FOCUS_BEAM_SECRET_SHORT}
|
|
||||||
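Review bot: `BEAM_APP_ID: "focus"` together with `BEAM_SECRET: "${FOCUS_BEAM_SECRET_SHORT}"` makes spot present itself to the beam proxy under the focus app id, and the `beam-proxy` override that registered a separate `APP_spot_KEY` is removed. Two components sharing one app identity cannot be told apart in logs or revoked separately; a dedicated id such as `BEAM_APP_ID: "spot.${SITE_ID}.${BROKER_ID}"` with its own key keeps them distinct. The landing router also loses its ``Host(`${HOST}`)`` matcher and now matches ``PathPrefix(`/`)`` for any host. How the beam proxy is configured outside this file is not visible here.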
|
|||||||
@@ -6,7 +6,6 @@ FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64}
|
|||||||
SUPPORT_EMAIL=arturo.macias@dkfz-heidelberg.de
|
SUPPORT_EMAIL=arturo.macias@dkfz-heidelberg.de
|
||||||
PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
|
PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
|
||||||
BROKER_URL_FOR_PREREQ=$BROKER_URL
|
BROKER_URL_FOR_PREREQ=$BROKER_URL
|
||||||
PUBLIC_ENVIRONMENT=prod
|
|
||||||
|
|
||||||
for module in $PROJECT/modules/*.sh
|
for module in $PROJECT/modules/*.sh
|
||||||
do
|
do
|
||||||
|
|||||||
@@ -12,8 +12,7 @@ services:
|
|||||||
BASE_URL: "http://bridgehead-kr-blaze:8080"
|
BASE_URL: "http://bridgehead-kr-blaze:8080"
|
||||||
JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m"
|
JAVA_TOOL_OPTIONS: "-Xmx${BLAZE_MEMORY_CAP:-4096}m"
|
||||||
DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000}
|
DB_RESOURCE_CACHE_SIZE: ${BLAZE_RESOURCE_CACHE_CAP:-2500000}
|
||||||
DB_BLOCK_CACHE_SIZE: ${BLAZE_MEMORY_CAP}
|
DB_BLOCK_CACHE_SIZE: $BLAZE_MEMORY_CAP
|
||||||
CQL_EXPR_CACHE_SIZE: ${BLAZE_CQL_CACHE_CAP:-32}
|
|
||||||
ENFORCE_REFERENTIAL_INTEGRITY: "false"
|
ENFORCE_REFERENTIAL_INTEGRITY: "false"
|
||||||
volumes:
|
volumes:
|
||||||
- "blaze-data:/app/data"
|
- "blaze-data:/app/data"
|
||||||
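Review bot: `DB_BLOCK_CACHE_SIZE: $BLAZE_MEMORY_CAP` has no fallback, while `JAVA_TOOL_OPTIONS` two lines above uses `${BLAZE_MEMORY_CAP:-4096}`; when the variable is unset, Compose substitutes an empty string here. Either give it a default in the same `${VAR:-default}` form, or fail fast with `${BLAZE_MEMORY_CAP:?BLAZE_MEMORY_CAP must be set}`. Dropping `CQL_EXPR_CACHE_SIZE` leaves that cache at the image's default, which is worth a short comment if it is intentional.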
|
|||||||
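--- a/kr/modules/export-and-qb.curl-templates
+++ b/kr/modules/export-and-qb.curl-templates
@@ -0,0 +1,6 @@
+# Full Excel Export
+curl --location --request POST 'https://${HOST}/ccp-exporter/request?query=Patient&query-format=FHIR_PATH&template-id=ccp&output-format=EXCEL' \
+--header 'x-api-key: ${EXPORT_API_KEY}'
+
+# QB
+curl --location --request POST 'https://${HOST}/ccp-reporter/generate?template-id=ccp'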
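Review bot: The export template passes the key as `--header 'x-api-key: ${EXPORT_API_KEY}'`, which puts the secret on the curl command line, where it ends up in shell history and the process list once the placeholder is filled in. curl can read headers from a file (`--header @/path/to/header-file`), which keeps the key off the command line. The `${HOST}` and `${EXPORT_API_KEY}` placeholders sit inside single quotes, so a shell will not expand them; a leading comment such as `# placeholders are substituted by <tool>, not by the shell` would say who does. The QB request carries no key at all, and whether `/ccp-reporter` is protected elsewhere is not visible here.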
@@ -4,41 +4,32 @@ services:
|
|||||||
deploy:
|
deploy:
|
||||||
replicas: 1 #reactivate if lens is in use
|
replicas: 1 #reactivate if lens is in use
|
||||||
container_name: lens_federated-search
|
container_name: lens_federated-search
|
||||||
image: docker.verbis.dkfz.de/ccp/kr-explorer:main
|
image: docker.verbis.dkfz.de/ccp/lens:${SITE_ID}
|
||||||
environment:
|
|
||||||
PUBLIC_SPOT_URL: https://${HOST}/prod
|
|
||||||
labels:
|
labels:
|
||||||
- "traefik.http.services.lens.loadbalancer.server.port=3000"
|
|
||||||
- "traefik.enable=true"
|
- "traefik.enable=true"
|
||||||
- "traefik.http.routers.lens.rule=Host(`${HOST}`)"
|
- "traefik.http.routers.landing.rule=PathPrefix(`/`)"
|
||||||
- "traefik.http.routers.lens.tls=true"
|
- "traefik.http.services.landing.loadbalancer.server.port=80"
|
||||||
|
- "traefik.http.routers.landing.tls=true"
|
||||||
|
|
||||||
spot:
|
spot:
|
||||||
image: samply/rustyspot:latest
|
image: docker.verbis.dkfz.de/ccp-private/central-spot
|
||||||
environment:
|
environment:
|
||||||
BEAM_SECRET: "${FOCUS_BEAM_SECRET_SHORT}"
|
BEAM_SECRET: "${FOCUS_BEAM_SECRET_SHORT}"
|
||||||
BEAM_PROXY_URL: http://beam-proxy:8081
|
BEAM_URL: http://beam-proxy:8081
|
||||||
BEAM_APP_ID: "spot.${SITE_ID}.${BROKER_ID}"
|
BEAM_PROXY_ID: ${SITE_ID}
|
||||||
CORS_ORIGIN: "https://${HOST}"
|
BEAM_BROKER_ID: ${BROKER_ID}
|
||||||
SITES: ${SITES}
|
BEAM_APP_ID: "focus"
|
||||||
TRANSFORM: LENS
|
PROJECT_METADATA: "kr_supervisors"
|
||||||
PROJECT: kr
|
|
||||||
BIND_ADDR: 0.0.0.0:8055
|
|
||||||
depends_on:
|
depends_on:
|
||||||
- "beam-proxy"
|
- "beam-proxy"
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=true"
|
- "traefik.enable=true"
|
||||||
- "traefik.http.services.spot.loadbalancer.server.port=8055"
|
- "traefik.http.services.spot.loadbalancer.server.port=8080"
|
||||||
- "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowmethods=GET,OPTIONS,POST"
|
- "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowmethods=GET,OPTIONS,POST"
|
||||||
- "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowheaders=content-type"
|
|
||||||
- "traefik.http.middlewares.corsheaders2.headers.accesscontrolalloworiginlist=https://${HOST}"
|
- "traefik.http.middlewares.corsheaders2.headers.accesscontrolalloworiginlist=https://${HOST}"
|
||||||
- "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowcredentials=true"
|
- "traefik.http.middlewares.corsheaders2.headers.accesscontrolallowcredentials=true"
|
||||||
- "traefik.http.middlewares.corsheaders2.headers.accesscontrolmaxage=-1"
|
- "traefik.http.middlewares.corsheaders2.headers.accesscontrolmaxage=-1"
|
||||||
- "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/prod`)"
|
- "traefik.http.routers.spot.rule=Host(`${HOST}`) && PathPrefix(`/backend`)"
|
||||||
- "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/prod"
|
- "traefik.http.middlewares.stripprefix_spot.stripprefix.prefixes=/backend"
|
||||||
- "traefik.http.routers.spot.tls=true"
|
- "traefik.http.routers.spot.tls=true"
|
||||||
- "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot,auth"
|
- "traefik.http.routers.spot.middlewares=corsheaders2,stripprefix_spot"
|
||||||
|
|
||||||
beam-proxy:
|
|
||||||
environment:
|
|
||||||
APP_spot_KEY: ${FOCUS_BEAM_SECRET_SHORT}
|
|
||||||
|
|||||||
@@ -3,7 +3,7 @@ version: "3.7"
|
|||||||
services:
|
services:
|
||||||
obds2fhir-rest:
|
obds2fhir-rest:
|
||||||
container_name: bridgehead-obds2fhir-rest
|
container_name: bridgehead-obds2fhir-rest
|
||||||
image: docker.verbis.dkfz.de/samply/obds2fhir-rest:main
|
image: docker.verbis.dkfz.de/ccp/obds2fhir-rest:main
|
||||||
environment:
|
environment:
|
||||||
IDTYPE: BK_${IDMANAGEMENT_FRIENDLY_ID}_L-ID
|
IDTYPE: BK_${IDMANAGEMENT_FRIENDLY_ID}_L-ID
|
||||||
MAINZELLISTE_APIKEY: ${IDMANAGER_LOCAL_PATIENTLIST_APIKEY}
|
MAINZELLISTE_APIKEY: ${IDMANAGER_LOCAL_PATIENTLIST_APIKEY}
|
||||||
|
|||||||
2
kr/vars
2
kr/vars
@@ -3,7 +3,7 @@ BROKER_URL=https://${BROKER_ID}
|
|||||||
PROXY_ID=${SITE_ID}.${BROKER_ID}
|
PROXY_ID=${SITE_ID}.${BROKER_ID}
|
||||||
FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
|
FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
|
||||||
FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64}
|
FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64}
|
||||||
SUPPORT_EMAIL=p.delpy@dkfz-heidelberg.de
|
SUPPORT_EMAIL=arturo.macias@dkfz-heidelberg.de
|
||||||
PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
|
PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
|
||||||
BROKER_URL_FOR_PREREQ=$BROKER_URL
|
BROKER_URL_FOR_PREREQ=$BROKER_URL
|
||||||
|
|
||||||
|
|||||||
@@ -9,15 +9,6 @@ detectCompose() {
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# Encodes all characters not in unrestricted character set of RFC3986 Section 2.3
|
|
||||||
urlencode() {
|
|
||||||
for ((i=0;i<${#1};i++)); do
|
|
||||||
local c=${1:i:1}
|
|
||||||
[[ "$c" =~ [a-zA-Z0-9._~-] ]] && printf '%s' "$c" || printf '%%%02X' "'$c"
|
|
||||||
done
|
|
||||||
echo
|
|
||||||
}
|
|
||||||
|
|
||||||
setupProxy() {
|
setupProxy() {
|
||||||
### Note: As the current data protection concepts do not allow communication via HTTP,
|
### Note: As the current data protection concepts do not allow communication via HTTP,
|
||||||
### we are not setting a proxy for HTTP requests.
|
### we are not setting a proxy for HTTP requests.
|
||||||
@@ -31,12 +22,9 @@ setupProxy() {
|
|||||||
HTTPS_PROXY_HOST="$(echo $hostport | sed -e 's,:.*,,g')"
|
HTTPS_PROXY_HOST="$(echo $hostport | sed -e 's,:.*,,g')"
|
||||||
HTTPS_PROXY_PORT="$(echo $hostport | sed -e 's,^.*:,:,g' -e 's,.*:\([0-9]*\).*,\1,g' -e 's,[^0-9],,g')"
|
HTTPS_PROXY_PORT="$(echo $hostport | sed -e 's,^.*:,:,g' -e 's,.*:\([0-9]*\).*,\1,g' -e 's,[^0-9],,g')"
|
||||||
if [[ ! -z "$HTTPS_PROXY_USERNAME" && ! -z "$HTTPS_PROXY_PASSWORD" ]]; then
|
if [[ ! -z "$HTTPS_PROXY_USERNAME" && ! -z "$HTTPS_PROXY_PASSWORD" ]]; then
|
||||||
local ESCAPED_PASSWORD="$(echo $HTTPS_PROXY_PASSWORD | od -An -v -t x1 | sed -e 's/[[:space:]]//g' -e 's/\([0-9a-f][0-9a-f]\)/%\1/g' | tr -d '\n')"
|
|
||||||
local CURL_ESCAPED_PW="$(urlencode $HTTPS_PROXY_PASSWORD)"
|
|
||||||
local proto="$(echo $HTTPS_PROXY_URL | grep :// | sed -e 's,^\(.*://\).*,\1,g')"
|
local proto="$(echo $HTTPS_PROXY_URL | grep :// | sed -e 's,^\(.*://\).*,\1,g')"
|
||||||
local fqdn="$(echo ${HTTPS_PROXY_URL/$proto/})"
|
local fqdn="$(echo ${HTTPS_PROXY_URL/$proto/})"
|
||||||
HTTPS_PROXY_FULL_URL="$(echo $proto$HTTPS_PROXY_USERNAME:$ESCAPED_PASSWORD@$fqdn)"
|
HTTPS_PROXY_FULL_URL="$(echo $proto$HTTPS_PROXY_USERNAME:$HTTPS_PROXY_PASSWORD@$fqdn)"
|
||||||
CURL_HTTPS_PROXY_FULL_URL="$(echo $proto$HTTPS_PROXY_USERNAME:$CURL_ESCAPED_PW@$fqdn)"
|
|
||||||
https="authenticated"
|
https="authenticated"
|
||||||
else
|
else
|
||||||
HTTPS_PROXY_FULL_URL=$HTTPS_PROXY_URL
|
HTTPS_PROXY_FULL_URL=$HTTPS_PROXY_URL
|
||||||
@@ -45,7 +33,7 @@ setupProxy() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
log INFO "Configuring proxy servers: $http http proxy (we're not supporting unencrypted comms), $https https proxy"
|
log INFO "Configuring proxy servers: $http http proxy (we're not supporting unencrypted comms), $https https proxy"
|
||||||
export HTTPS_PROXY_HOST HTTPS_PROXY_PORT HTTPS_PROXY_FULL_URL CURL_HTTPS_PROXY_FULL_URL
|
export HTTPS_PROXY_HOST HTTPS_PROXY_PORT HTTPS_PROXY_FULL_URL
|
||||||
}
|
}
|
||||||
|
|
||||||
exitIfNotRoot() {
|
exitIfNotRoot() {
|
||||||
@@ -339,7 +327,7 @@ function sync_secrets() {
|
|||||||
-e ALL_PROXY=$HTTPS_PROXY_FULL_URL \
|
-e ALL_PROXY=$HTTPS_PROXY_FULL_URL \
|
||||||
-e PROXY_ID=$proxy_id \
|
-e PROXY_ID=$proxy_id \
|
||||||
-e BROKER_URL=$broker_url \
|
-e BROKER_URL=$broker_url \
|
||||||
-e OIDC_PROVIDER=secret-sync-central.central-secret-sync.$broker_id \
|
-e OIDC_PROVIDER=secret-sync-central.test-secret-sync.$broker_id \
|
||||||
-e SECRET_DEFINITIONS=$secret_sync_args \
|
-e SECRET_DEFINITIONS=$secret_sync_args \
|
||||||
docker.verbis.dkfz.de/cache/samply/secret-sync-local:latest
|
docker.verbis.dkfz.de/cache/samply/secret-sync-local:latest
|
||||||
|
|
||||||
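Review bot: `HTTPS_PROXY_FULL_URL="$(echo $proto$HTTPS_PROXY_USERNAME:$HTTPS_PROXY_PASSWORD@$fqdn)"` now embeds the proxy password verbatim, so a password containing `@`, `:`, `/`, `#` or `%` yields a URL that parses to a different host or credential, and the unquoted `echo` additionally word-splits and globs it. The percent-encoding provided by the removed `urlencode` helper should stay, e.g. `HTTPS_PROXY_FULL_URL="${proto}${HTTPS_PROXY_USERNAME}:$(urlencode "$HTTPS_PROXY_PASSWORD")@${fqdn}"`. The same raw value is then used unquoted in `https_proxy=$HTTPS_PROXY_FULL_URL curl ...` in `hc_send` and in the `SERVERTIME` check further down the page. Separately, `OIDC_PROVIDER=secret-sync-central.test-secret-sync.$broker_id` points secret sync at what looks like a test instance. `setupProxy` and `sync_secrets` both continue outside these hunks.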
|
|||||||
@@ -47,8 +47,8 @@ function hc_send(){
|
|||||||
|
|
||||||
if [ -n "$2" ]; then
|
if [ -n "$2" ]; then
|
||||||
MSG="$2\n\nDocker stats:\n$UPTIME"
|
MSG="$2\n\nDocker stats:\n$UPTIME"
|
||||||
echo -e "$MSG" | https_proxy=$CURL_HTTPS_PROXY_FULL_URL curl --max-time 5 -A "$USER_AGENT" -s -o /dev/null -X POST --data-binary @- "$HCURL"/"$1" || log WARN "Monitoring failed: Unable to send data to $HCURL/$1"
|
echo -e "$MSG" | https_proxy=$HTTPS_PROXY_FULL_URL curl --max-time 5 -A "$USER_AGENT" -s -o /dev/null -X POST --data-binary @- "$HCURL"/"$1" || log WARN "Monitoring failed: Unable to send data to $HCURL/$1"
|
||||||
else
|
else
|
||||||
https_proxy=$CURL_HTTPS_PROXY_FULL_URL curl --max-time 5 -A "$USER_AGENT" -s -o /dev/null "$HCURL"/"$1" || log WARN "Monitoring failed: Unable to send data to $HCURL/$1"
|
https_proxy=$HTTPS_PROXY_FULL_URL curl --max-time 5 -A "$USER_AGENT" -s -o /dev/null "$HCURL"/"$1" || log WARN "Monitoring failed: Unable to send data to $HCURL/$1"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -71,7 +71,7 @@ source ${PROJECT}/vars
|
|||||||
|
|
||||||
if [ "${PROJECT}" != "minimal" ]; then
|
if [ "${PROJECT}" != "minimal" ]; then
|
||||||
set +e
|
set +e
|
||||||
SERVERTIME="$(https_proxy=$CURL_HTTPS_PROXY_FULL_URL curl -m 5 -s -I $BROKER_URL_FOR_PREREQ 2>&1 | grep -i -e '^Date: ' | sed -e 's/^Date: //i')"
|
SERVERTIME="$(https_proxy=$HTTPS_PROXY_FULL_URL curl -m 5 -s -I $BROKER_URL_FOR_PREREQ 2>&1 | grep -i -e '^Date: ' | sed -e 's/^Date: //i')"
|
||||||
RET=$?
|
RET=$?
|
||||||
set -e
|
set -e
|
||||||
if [ $RET -ne 0 ]; then
|
if [ $RET -ne 0 ]; then
|
||||||
|
|||||||
@@ -1,123 +0,0 @@
|
|||||||
source ../functions.sh
|
|
||||||
|
|
||||||
test_setupProxy() {
|
|
||||||
# simple logger for tests
|
|
||||||
log() { :; }
|
|
||||||
|
|
||||||
local failures=0
|
|
||||||
local total=0
|
|
||||||
|
|
||||||
assert_eq() {
|
|
||||||
local label="$1" got="$2" expected="$3"
|
|
||||||
total=$((total + 1))
|
|
||||||
if [[ "$got" != "$expected" ]]; then
|
|
||||||
failures=$((failures + 1))
|
|
||||||
printf 'FAIL: %s\n got: %q\n expected: %q\n\n' "$label" "$got" "$expected"
|
|
||||||
else
|
|
||||||
printf 'ok: %s\n' "$label"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
run_case() {
|
|
||||||
local name="$1"
|
|
||||||
local url="$2"
|
|
||||||
local u="$3"
|
|
||||||
local p="$4"
|
|
||||||
local exp_host="$5"
|
|
||||||
local exp_port="$6"
|
|
||||||
local exp_full="$7"
|
|
||||||
|
|
||||||
HTTPS_PROXY_URL="$url"
|
|
||||||
HTTPS_PROXY_USERNAME="$u"
|
|
||||||
HTTPS_PROXY_PASSWORD="$p"
|
|
||||||
|
|
||||||
setupProxy >/dev/null 2>&1
|
|
||||||
|
|
||||||
assert_eq "$name host" "$HTTPS_PROXY_HOST" "$exp_host"
|
|
||||||
assert_eq "$name port" "$HTTPS_PROXY_PORT" "$exp_port"
|
|
||||||
assert_eq "$name full" "$HTTPS_PROXY_FULL_URL" "$exp_full"
|
|
||||||
}
|
|
||||||
|
|
||||||
echo "Running setupProxy tests..."
|
|
||||||
echo
|
|
||||||
|
|
||||||
# 1) Basic https host:port
|
|
||||||
run_case "basic https" \
|
|
||||||
"https://proxy.example.org:8443" "" "" \
|
|
||||||
"proxy.example.org" "8443" \
|
|
||||||
"https://proxy.example.org:8443"
|
|
||||||
|
|
||||||
# 2) https without port -> default 443
|
|
||||||
run_case "https no port" \
|
|
||||||
"https://proxy.example.org" "" "" \
|
|
||||||
"proxy.example.org" "443" \
|
|
||||||
"https://proxy.example.org"
|
|
||||||
|
|
||||||
# 3) no scheme, host:port -> defaults scheme=https
|
|
||||||
run_case "no scheme hostport" \
|
|
||||||
"proxy.example.org:3128" "" "" \
|
|
||||||
"proxy.example.org" "3128" \
|
|
||||||
"https://proxy.example.org:3128"
|
|
||||||
|
|
||||||
# 4) URL with path/query/fragment
|
|
||||||
run_case "ignores path" \
|
|
||||||
"https://proxy.example.org:8443/some/path?x=1#y" "" "" \
|
|
||||||
"proxy.example.org" "8443" \
|
|
||||||
"https://proxy.example.org:8443"
|
|
||||||
|
|
||||||
# 5) explicit env creds inserted
|
|
||||||
run_case "env creds override" \
|
|
||||||
"https://proxy.example.org:8443" "alice" "secret" \
|
|
||||||
"proxy.example.org" "8443" \
|
|
||||||
"https://alice:secret@proxy.example.org:8443"
|
|
||||||
|
|
||||||
# 6) embedded creds used if env creds absent
|
|
||||||
run_case "embedded creds" \
|
|
||||||
"https://bob:pw@proxy.example.org:8443" "" "" \
|
|
||||||
"proxy.example.org" "8443" \
|
|
||||||
"https://bob:pw@proxy.example.org:8443"
|
|
||||||
|
|
||||||
# 7) env creds override embedded creds
|
|
||||||
run_case "env overrides embedded" \
|
|
||||||
"https://bob:pw@proxy.example.org:8443" "alice" "secret" \
|
|
||||||
"proxy.example.org" "8443" \
|
|
||||||
"https://alice:secret@proxy.example.org:8443"
|
|
||||||
|
|
||||||
# 8) IPv6 literal with port
|
|
||||||
run_case "ipv6 with port" \
|
|
||||||
"https://[2001:db8::1]:8080" "" "" \
|
|
||||||
"2001:db8::1" "8080" \
|
|
||||||
"https://[2001:db8::1]:8080"
|
|
||||||
|
|
||||||
# 9) IPv6 literal without port -> default 443
|
|
||||||
run_case "ipv6 no port" \
|
|
||||||
"https://[2001:db8::1]" "" "" \
|
|
||||||
"2001:db8::1" "443" \
|
|
||||||
"https://[2001:db8::1]"
|
|
||||||
|
|
||||||
# 10) http scheme rejected -> outputs empty
|
|
||||||
HTTPS_PROXY_URL="http://proxy.example.org:8080"
|
|
||||||
HTTPS_PROXY_USERNAME=""
|
|
||||||
HTTPS_PROXY_PASSWORD=""
|
|
||||||
setupProxy >/dev/null 2>&1
|
|
||||||
assert_eq "http rejected host" "${HTTPS_PROXY_HOST:-}" ""
|
|
||||||
assert_eq "http rejected port" "${HTTPS_PROXY_PORT:-}" ""
|
|
||||||
assert_eq "http rejected full" "${HTTPS_PROXY_FULL_URL:-}" ""
|
|
||||||
|
|
||||||
# 11) empty URL -> outputs empty but no failure
|
|
||||||
HTTPS_PROXY_URL=""
|
|
||||||
setupProxy >/dev/null 2>&1
|
|
||||||
assert_eq "empty url host" "${HTTPS_PROXY_HOST:-}" ""
|
|
||||||
assert_eq "empty url port" "${HTTPS_PROXY_PORT:-}" ""
|
|
||||||
assert_eq "empty url full" "${HTTPS_PROXY_FULL_URL:-}" ""
|
|
||||||
|
|
||||||
echo
|
|
||||||
echo "Tests complete: $((total - failures))/$total passed."
|
|
||||||
if (( failures > 0 )); then
|
|
||||||
echo "Some tests failed."
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
return 0
|
|
||||||
}
|
|
||||||
|
|
||||||
test_setupProxy
|
|
||||||
@@ -32,7 +32,7 @@ services:
|
|||||||
|
|
||||||
forward_proxy:
|
forward_proxy:
|
||||||
container_name: bridgehead-forward-proxy
|
container_name: bridgehead-forward-proxy
|
||||||
image: samply/bridgehead-forward-proxy:pr-16
|
image: docker.verbis.dkfz.de/cache/samply/bridgehead-forward-proxy:latest
|
||||||
environment:
|
environment:
|
||||||
HTTPS_PROXY: ${HTTPS_PROXY_URL}
|
HTTPS_PROXY: ${HTTPS_PROXY_URL}
|
||||||
HTTPS_PROXY_USERNAME: ${HTTPS_PROXY_USERNAME}
|
HTTPS_PROXY_USERNAME: ${HTTPS_PROXY_USERNAME}
|
||||||
|
|||||||
@@ -22,7 +22,8 @@ services:
|
|||||||
- "traefik.http.routers.blaze_nngm.tls=true"
|
- "traefik.http.routers.blaze_nngm.tls=true"
|
||||||
|
|
||||||
focus:
|
focus:
|
||||||
image: docker.verbis.dkfz.de/cache/samply/focus:${FOCUS_TAG}
|
#image: docker.verbis.dkfz.de/cache/samply/focus:${FOCUS_TAG}
|
||||||
|
image: ghcr.io/samply/focus:feature-nngm-v2
|
||||||
container_name: bridgehead-focus
|
container_name: bridgehead-focus
|
||||||
environment:
|
environment:
|
||||||
- API_KEY=${FOCUS_BEAM_SECRET_SHORT}
|
- API_KEY=${FOCUS_BEAM_SECRET_SHORT}
|
||||||
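Review bot: The focus image is now hard-coded to `ghcr.io/samply/focus:feature-nngm-v2`, so `FOCUS_TAG` from the versions files no longer has any effect on this service, and the pull bypasses the `docker.verbis.dkfz.de/cache` registry used by the line it replaces. The commented-out `#image:` line should either be removed or carry its reason, e.g. `# TODO: return to ${FOCUS_TAG} once the nNGM changes are released`. The service definition continues outside the hunk.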
|
|||||||
@@ -1,13 +0,0 @@
|
|||||||
services:
|
|
||||||
osiris2fhir:
|
|
||||||
container_name: bridgehead-osiris2fhir
|
|
||||||
image: docker.verbis.dkfz.de/ccp/osiris2fhir:${SITE_ID}
|
|
||||||
environment:
|
|
||||||
SALT: ${LOCAL_SALT}
|
|
||||||
labels:
|
|
||||||
- "traefik.enable=true"
|
|
||||||
- "traefik.http.routers.osiris2fhir.rule=PathPrefix(`/osiris2fhir`)"
|
|
||||||
- "traefik.http.middlewares.osiris2fhir_strip.stripprefix.prefixes=/osiris2fhir"
|
|
||||||
- "traefik.http.services.osiris2fhir.loadbalancer.server.port=8080"
|
|
||||||
- "traefik.http.routers.osiris2fhir.tls=true"
|
|
||||||
- "traefik.http.routers.osiris2fhir.middlewares=osiris2fhir_strip,auth"
|
|
||||||
@@ -1,6 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
if [ -n "$ENABLE_OSIRIS2FHIR" ]; then
|
|
||||||
log INFO "oBDS2FHIR-REST setup detected -- will start osiris2fhir module."
|
|
||||||
OVERRIDE+=" -f ./pscc/modules/osiris2fhir-compose.yml"
|
|
||||||
LOCAL_SALT="$(echo \"local-random-salt\" | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
|
|
||||||
fi
|
|
||||||
@@ -1,20 +1,20 @@
|
|||||||
-----BEGIN CERTIFICATE-----
|
-----BEGIN CERTIFICATE-----
|
||||||
MIIDNTCCAh2gAwIBAgIUVC1Y1tx0q5PNR33gArAyyBm8PMQwDQYJKoZIhvcNAQEL
|
MIIDNTCCAh2gAwIBAgIUW34NEb7bl0+Ywx+I1VKtY5vpAOowDQYJKoZIhvcNAQEL
|
||||||
BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjUxMTAzMTQxODQ5WhcNMzUx
|
BQAwFjEUMBIGA1UEAxMLQnJva2VyLVJvb3QwHhcNMjQwMTIyMTMzNzEzWhcNMzQw
|
||||||
MTAxMTQxOTE5WjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN
|
MTE5MTMzNzQzWjAWMRQwEgYDVQQDEwtCcm9rZXItUm9vdDCCASIwDQYJKoZIhvcN
|
||||||
AQEBBQADggEPADCCAQoCggEBAMB1yd7zkh7Io/ReQYindBcAdA1b4ogdVnrdSLRN
|
AQEBBQADggEPADCCAQoCggEBAL5UegLXTlq3XRRj8LyFs3aF0tpRPVoW9RXp5kFI
|
||||||
N3zLSh6jN5KIXgs34BdRXx0so0m96q+9xlgacTXGRBn1Tu5SKMRyXdxnCLMzHAYU
|
TnBvyO6qjNbMDT/xK+4iDtEX4QQUvsxAKxfXbe9i1jpdwjgH7JHaSGm2IjAiKLqO
|
||||||
rNKhqF5HeZCYkVyh/tsAyFfDwZDVzsdX64V+0r5+raev2X0gJnlgmF83DIKjkVUS
|
OXQQtguWwfNmmp96Ql13ArLj458YH08xMO/w2NFWGwB/hfARa4z/T0afFuc/tKJf
|
||||||
2+c+3BnXa9LOdXks0qygJjvaFyi+5MA3DinLnmMLCQ3yAvaZYWyP3xCnGIoVrZFq
|
XbGCG9xzJ9tmcG45QN8NChGhVvaTweNdVxGWlpHxmi0Mn8OM9CEuB7nPtTTiBuiu
|
||||||
a+YioMCmHrbByuXPoZsXcFY7Z85LQkCtSVt1dH4kkN2/JehXG099nqwMqO8FpLZZ
|
pRC2zVVmNjVp4ktkAqL7IHOz+/F5nhiz6tOika9oD3376Xj055lPznLcTQn2+4d7
|
||||||
xG7/U3P/slX1MMLs97nqRCRoW7Cha2ci1NBYLll+34ekhxMCAwEAAaN7MHkwDgYD
|
K7ZrBopCFxIQPjkgmYRLfPejbpdUjK1UVJw7hbWkqWqH7JMCAwEAAaN7MHkwDgYD
|
||||||
VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJHTpnuyIGHw
|
VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFGjvRcaIP4HM
|
||||||
yvC/mmh+S/JKYVrAMB8GA1UdIwQYMBaAFJHTpnuyIGHwyvC/mmh+S/JKYVrAMBYG
|
poIguUAK9YL2n7fbMB8GA1UdIwQYMBaAFGjvRcaIP4HMpoIguUAK9YL2n7fbMBYG
|
||||||
A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQAeDc/k28yb
|
A1UdEQQPMA2CC0Jyb2tlci1Sb290MA0GCSqGSIb3DQEBCwUAA4IBAQCbzycJSaDm
|
||||||
I5MLC/LdaA+MKsW2FWF9HT+tsbtltTaQIRnnkwfU/40Ius3gzUU5z+kPqq5+kxhy
|
AXXNJqQ88djrKs5MDXS8RIjS/cu2ayuLaYDe+BzVmUXNA0Vt9nZGdaz63SLLcjpU
|
||||||
3T646Rbau85Zw24gdNmiVKAAG5ntKoQ7XnyR/06PYyXNGLqnb6aKvbcIPoWtU/+2
|
fNSxBfKbwmf7s30AK8Cnfj9q4W/BlBeVizUHQsg1+RQpDIdMrRQrwkXv8mfLw+w5
|
||||||
8f5hHdQ/4271aHws7dKcBNWu9V5WmxMZ3YTfnBR5lEda+DhVwHqtmun8EpSbwthD
|
3oaXNW6W/8KpBp/H8TBZ6myl6jCbeR3T8EMXBwipMGop/1zkbF01i98Xpqmhx2+l
|
||||||
aLLIOHJpetr+KWUVFHQdGbO23Qg1Else0Akcn5Gzf/sKkVCVxjHE6jeo4ZwHtstG
|
n+80ofPsSspOo5XmgCZym8CD/m/oFHmjcvOfpOCvDh4PZ+i37pmbSlCYoMpla3u/
|
||||||
KMoff+ETC+DL5kMZ4CV5VaQ4HxVK7N0qiUxmijWe+EyRZseum1c0s2OEi2L52Q9K
|
7MJMP5lugfLBYNDN2p+V4KbHP/cApCDT5UWLOeAWjgiZQtHH5ilDeYqEc1oPjyJt
|
||||||
P4N3yD4ed4p/
|
Rtup0MTxSJtN
|
||||||
-----END CERTIFICATE-----
|
-----END CERTIFICATE-----
|
||||||
@@ -1,4 +1,4 @@
|
|||||||
BROKER_ID=broker.pscc.org
|
BROKER_ID=test-no-real-data.broker.samply.de
|
||||||
BROKER_URL=https://${BROKER_ID}
|
BROKER_URL=https://${BROKER_ID}
|
||||||
PROXY_ID=${SITE_ID}.${BROKER_ID}
|
PROXY_ID=${SITE_ID}.${BROKER_ID}
|
||||||
FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
|
FOCUS_BEAM_SECRET_SHORT="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
|
||||||
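Review bot: `BROKER_ID=test-no-real-data.broker.samply.de` replaces `broker.pscc.org`, and the preceding section swaps the broker root certificate in the same change, so after a merge every site using this project would trust and connect to the test broker. If that is meant only for this feature branch, it should be kept out of the main line. If it is intended, the new certificate's fingerprint should be checked against the value published by the broker operator before it is accepted as a trust anchor.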
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
FOCUS_TAG=develop
|
FOCUS_TAG=develop
|
||||||
BEAM_TAG=develop
|
BEAM_TAG=develop
|
||||||
BLAZE_TAG=0.32
|
BLAZE_TAG=main
|
||||||
POSTGRES_TAG=15.13-alpine
|
POSTGRES_TAG=15.13-alpine
|
||||||
TEILER_DASHBOARD_TAG=develop
|
TEILER_DASHBOARD_TAG=develop
|
||||||
MTBA_TAG=develop
|
MTBA_TAG=develop
|
||||||
@@ -1,6 +1,6 @@
|
|||||||
FOCUS_TAG=develop
|
FOCUS_TAG=develop
|
||||||
BEAM_TAG=develop
|
BEAM_TAG=develop
|
||||||
BLAZE_TAG=0.32
|
BLAZE_TAG=main
|
||||||
POSTGRES_TAG=15.13-alpine
|
POSTGRES_TAG=15.13-alpine
|
||||||
TEILER_DASHBOARD_TAG=develop
|
TEILER_DASHBOARD_TAG=develop
|
||||||
MTBA_TAG=develop
|
MTBA_TAG=develop
|
||||||